Middletown Township Hit by Incransom Ransomware, 600 GB Data Stolen
Ransomware Attack on Middletown Township by INC Ransom Group
Overview of Middletown Township
Middletown Township, situated in Monmouth County, New Jersey, is a suburban community governed by a Township Committee. This five-member committee is responsible for legislative functions, policy-making, and overseeing the township's administration. Middletown Township offers a variety of services through departments such as Public Safety, Public Works, Parks and Recreation, Planning and Zoning, Health and Social Services, Finance and Taxation, and the Clerk's Office.
The township's official website provides comprehensive information for residents and visitors, including details on township services, news, announcements, and online services like bill payments and permit applications.
Details of the Ransomware Attack
The ransomware group Incransom recently claimed responsibility for a cyber attack on Middletown Township's government servers. This attack disrupted server access, including email services, for about three weeks. Town Administrator Anthony Mercantante reported that while most issues have been resolved, some interruptions persist as the township carefully restores its systems to ensure data security. The incident is under criminal and forensic investigation, limiting the release of further details. Mercantante gave assurances that any affected parties would be notified if confidential data was accessed. The attack resulted in the exfiltration of 600 GB of data from the police and town hall.
About INC Ransom Group
INC Ransom is a sophisticated cybercriminal group known for targeted ransomware attacks on corporate and organizational networks. The group uses advanced techniques such as spear-phishing campaigns, exploiting vulnerabilities like CVE-2023-3519 in Citrix NetScaler, and employing both Commercial Off-The-Shelf (COTS) software and legitimate system tools for reconnaissance and lateral movement within a network. Incransom's attacks involve encrypting data and stealing it, threatening to release it publicly—a tactic known as double extortion—to pressure victims into complying with ransom demands.
Potential Vulnerabilities and Penetration Methods
The group likely penetrated Middletown Township's systems using advanced techniques. Spear-phishing campaigns may have been employed to gain initial access by tricking employees into clicking malicious links or downloading infected attachments. Exploiting known vulnerabilities, such as CVE-2023-3519 in Citrix NetScaler, could have allowed the group to bypass security measures and gain deeper network access. Once inside, Incransom likely used legitimate system tools and COTS software for reconnaissance and lateral movement, enabling them to locate and exfiltrate sensitive data.